Description

•       Be part of a team of engineers implementing Morgan Stanley-specific security policies in the CI/CD security tools, including but not limited to SAST, DAST and SCA applications.

•       Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.

•       Define the security rules that need to be adhered to at a code level in web and mobile applications written in .NET, Java, React, Python and other languages.

•       With your development background and security knowledge, provide security guidance to developers in the form of secure coding standards and guidelines.

•       Support security standards and create templates and patterns to increase the efficiency and adoption of the security program.

•       Work with our partners to implement, manage, and optimize security measures within our GitHub repositories to continuously improve code integrity and protect against vulnerabilities.

 

Required skillset:

•       Must have: 5+ years software development experience using Python

o       Working with APIs, including but not limited to REST

o       Unit testing frameworks

o       Multi-process and multi-thread architecture

•       Must have: 5+ years in Linux, strong Bash scripting skills.

•       Good understanding of SQL to extract relevant information for reporting and analysis

•       Working knowledge of the Windows environment and simple scripting (DOS batch, etc.).

•       Bachelor’s degree with 10+ years of work experience in the IT field

•       Ability to process large datasets for reporting and analysis.

 

Desired Skillset:

•       A self-starter, with a strong desire for learning new technologies and applying them to solve problems

•       Knowledge of SAST, OSS technologies

•       Ability to perform Python code reviews with minimal assistance

•       Expertise in monitoring, alerting, reporting, and data analysis is desired.

•       Experience with application build environments like Jenkins, TeamCity, etc.

•       Experience with DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc.) is a plus

•       Experience with evaluation, integration and onboarding of security tools such as DAST, RASP, WAF, vulnerability scanner results, container analyzers, open source scanning, etc., is a plus


 

Education

Bachelor's degree